5.8 Ensure the Mailbox Access by Non-Owners Report is reviewed at least biweekly


You should review the Mailbox Access by Non-Owners report at least every other week. This report shows which mailboxes have been accessed by someone other than the mailbox owner.

NOTE: This setting is only available in the classic Exchange Admin center.


While there are many legitimate uses of delegate permissions, regularly reviewing that access can help prevent an external attacker from maintaining access for a long time, and can help discover malicious insider activity sooner.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


To review the report, perform the following steps using the Microsoft 365 Admin Center:

1. Click Exchange.
2. Click on Classic Exchange admin center.
3. Click Compliance Management and auditing.
4. Select Run a non-owner mailbox access report.
5. Enter Start Date and End Date.
6. Change Search for access by field to all non-owners.
7. Select Search.
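
Once the report has been run, the review itself can be made repeatable. The following is an added example, not part of the benchmark or of any Microsoft tooling: it assumes the report results were saved as CSV with the hypothetical columns Mailbox, AccessedBy, LogonType, Operation and LastAccessed, and that the reviewer keeps a list of approved delegations. It keeps only non-owner access inside the two-week window that no approved delegation explains.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export; the column names are assumptions, not a documented format.
SAMPLE_CSV = """Mailbox,AccessedBy,LogonType,Operation,LastAccessed
ceo@example.com,assistant@example.com,Delegate,SendOnBehalf,2024-03-04T09:12:00
ceo@example.com,helpdesk@example.com,Admin,FolderBind,2024-03-05T02:41:00
hr@example.com,hr@example.com,Owner,MailboxLogin,2024-03-05T08:00:00
finance@example.com,contractor@example.com,Delegate,MessageBind,2024-03-06T23:15:00
finance@example.com,contractor@example.com,Delegate,MessageBind,2024-02-01T10:00:00
"""

# Hypothetical allowlist of approved (mailbox, accessor) delegations.
APPROVED = {("ceo@example.com", "assistant@example.com")}


def review(csv_text, end, approved, days=14):
    """Return {(mailbox, accessor): [rows]} for non-owner access inside the
    review window that is not covered by an approved delegation."""
    start = end - timedelta(days=days)
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        when = datetime.fromisoformat(row["LastAccessed"])
        if not (start <= when <= end):
            continue  # outside the biweekly review window
        mailbox = row["Mailbox"].strip().lower()
        accessor = row["AccessedBy"].strip().lower()
        if row["LogonType"].strip().lower() == "owner" or mailbox == accessor:
            continue  # the owner reading their own mailbox
        if (mailbox, accessor) in approved:
            continue  # known, legitimate delegate access
        findings[(mailbox, accessor)].append(row)
    return dict(findings)


if __name__ == "__main__":
    result = review(SAMPLE_CSV, datetime(2024, 3, 7), APPROVED)
    for (mailbox, accessor), rows in sorted(result.items()):
        ops = sorted({r["Operation"] for r in rows})
        print(f"{mailbox} accessed by {accessor}: {len(rows)} event(s), {', '.join(ops)}")
```

Each remaining pair is either a delegation to add to the approved list after confirming it with the mailbox owner, or access that needs investigation.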


Item Details


References: 800-53|AU-6, 800-53|AU-6(1), 800-53|AU-7(1), CSCv7|6.2

Plugin: microsoft_azure

Control ID: a6e411f17ffeb5cddd6059f00519bafedfe3eb044abae22282ec5059ae408a7d